git-doc-mcp 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +543 -0
- package/dist/audit/index.d.ts +2 -0
- package/dist/audit/index.d.ts.map +1 -0
- package/dist/audit/index.js +2 -0
- package/dist/audit/index.js.map +1 -0
- package/dist/audit/logger.d.ts +81 -0
- package/dist/audit/logger.d.ts.map +1 -0
- package/dist/audit/logger.js +179 -0
- package/dist/audit/logger.js.map +1 -0
- package/dist/cli/commands/serve.d.ts +44 -0
- package/dist/cli/commands/serve.d.ts.map +1 -0
- package/dist/cli/commands/serve.js +360 -0
- package/dist/cli/commands/serve.js.map +1 -0
- package/dist/cli/index.d.ts +21 -0
- package/dist/cli/index.d.ts.map +1 -0
- package/dist/cli/index.js +71 -0
- package/dist/cli/index.js.map +1 -0
- package/dist/http/client.d.ts +39 -0
- package/dist/http/client.d.ts.map +1 -0
- package/dist/http/client.js +114 -0
- package/dist/http/client.js.map +1 -0
- package/dist/http/index.d.ts +7 -0
- package/dist/http/index.d.ts.map +1 -0
- package/dist/http/index.js +7 -0
- package/dist/http/index.js.map +1 -0
- package/dist/http/redirect-utils.d.ts +27 -0
- package/dist/http/redirect-utils.d.ts.map +1 -0
- package/dist/http/redirect-utils.js +73 -0
- package/dist/http/redirect-utils.js.map +1 -0
- package/dist/index.d.ts +36 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +44 -0
- package/dist/index.js.map +1 -0
- package/dist/manifest/index.d.ts +7 -0
- package/dist/manifest/index.d.ts.map +1 -0
- package/dist/manifest/index.js +7 -0
- package/dist/manifest/index.js.map +1 -0
- package/dist/manifest/loader.d.ts +55 -0
- package/dist/manifest/loader.d.ts.map +1 -0
- package/dist/manifest/loader.js +222 -0
- package/dist/manifest/loader.js.map +1 -0
- package/dist/manifest/schema.d.ts +909 -0
- package/dist/manifest/schema.d.ts.map +1 -0
- package/dist/manifest/schema.js +148 -0
- package/dist/manifest/schema.js.map +1 -0
- package/dist/rate-limit/index.d.ts +6 -0
- package/dist/rate-limit/index.d.ts.map +1 -0
- package/dist/rate-limit/index.js +6 -0
- package/dist/rate-limit/index.js.map +1 -0
- package/dist/rate-limit/limiter.d.ts +38 -0
- package/dist/rate-limit/limiter.d.ts.map +1 -0
- package/dist/rate-limit/limiter.js +55 -0
- package/dist/rate-limit/limiter.js.map +1 -0
- package/dist/sandbox/context.d.ts +69 -0
- package/dist/sandbox/context.d.ts.map +1 -0
- package/dist/sandbox/context.js +134 -0
- package/dist/sandbox/context.js.map +1 -0
- package/dist/sandbox/executor.d.ts +50 -0
- package/dist/sandbox/executor.d.ts.map +1 -0
- package/dist/sandbox/executor.js +259 -0
- package/dist/sandbox/executor.js.map +1 -0
- package/dist/sandbox/index.d.ts +8 -0
- package/dist/sandbox/index.d.ts.map +1 -0
- package/dist/sandbox/index.js +8 -0
- package/dist/sandbox/index.js.map +1 -0
- package/dist/sandbox/url-validator.d.ts +40 -0
- package/dist/sandbox/url-validator.d.ts.map +1 -0
- package/dist/sandbox/url-validator.js +178 -0
- package/dist/sandbox/url-validator.js.map +1 -0
- package/dist/secrets/index.d.ts +7 -0
- package/dist/secrets/index.d.ts.map +1 -0
- package/dist/secrets/index.js +7 -0
- package/dist/secrets/index.js.map +1 -0
- package/dist/secrets/manager.d.ts +55 -0
- package/dist/secrets/manager.d.ts.map +1 -0
- package/dist/secrets/manager.js +94 -0
- package/dist/secrets/manager.js.map +1 -0
- package/dist/secrets/patterns.d.ts +33 -0
- package/dist/secrets/patterns.d.ts.map +1 -0
- package/dist/secrets/patterns.js +71 -0
- package/dist/secrets/patterns.js.map +1 -0
- package/dist/server/index.d.ts +6 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +6 -0
- package/dist/server/index.js.map +1 -0
- package/dist/server/mcp.d.ts +60 -0
- package/dist/server/mcp.d.ts.map +1 -0
- package/dist/server/mcp.js +173 -0
- package/dist/server/mcp.js.map +1 -0
- package/dist/worker/index.d.ts +7 -0
- package/dist/worker/index.d.ts.map +1 -0
- package/dist/worker/index.js +7 -0
- package/dist/worker/index.js.map +1 -0
- package/dist/worker/process.d.ts +64 -0
- package/dist/worker/process.d.ts.map +1 -0
- package/dist/worker/process.js +222 -0
- package/dist/worker/process.js.map +1 -0
- package/dist/worker/protocol.d.ts +83 -0
- package/dist/worker/protocol.d.ts.map +1 -0
- package/dist/worker/protocol.js +55 -0
- package/dist/worker/protocol.js.map +1 -0
- package/dist/worker/worker-entry.d.ts +30 -0
- package/dist/worker/worker-entry.d.ts.map +1 -0
- package/dist/worker/worker-entry.js +136 -0
- package/dist/worker/worker-entry.js.map +1 -0
- package/package.json +55 -0
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Structured audit logger for security events.
|
|
3
|
+
* Writes JSON-lines to ~/.git-doc-mcp/logs/audit.jsonl with auto-rotation at 10MB.
|
|
4
|
+
*
|
|
5
|
+
* IMPORTANT: This logger runs ONLY in the main process.
|
|
6
|
+
* Worker processes use WorkerAuditProxy (defined in worker-entry.ts)
|
|
7
|
+
* which sends audit events via IPC to avoid file write race conditions.
|
|
8
|
+
*
|
|
9
|
+
* @module audit/logger
|
|
10
|
+
*/
|
|
11
|
+
import * as fs from 'node:fs/promises';
|
|
12
|
+
import * as path from 'node:path';
|
|
13
|
+
import * as os from 'node:os';
|
|
14
|
+
/**
|
|
15
|
+
* Maximum audit log file size before rotation (10MB).
|
|
16
|
+
*/
|
|
17
|
+
const MAX_LOG_SIZE = 10 * 1024 * 1024;
|
|
18
|
+
/**
|
|
19
|
+
* Buffer flush thresholds.
|
|
20
|
+
*/
|
|
21
|
+
const FLUSH_INTERVAL_MS = 100;
|
|
22
|
+
const FLUSH_BUFFER_SIZE = 50;
|
|
23
|
+
/**
|
|
24
|
+
* File-based audit logger.
|
|
25
|
+
* Writes JSON-lines to disk with buffering and auto-rotation.
|
|
26
|
+
*/
|
|
27
|
+
export class FileAuditLogger {
|
|
28
|
+
buffer = [];
|
|
29
|
+
flushTimer = null;
|
|
30
|
+
logDir;
|
|
31
|
+
logFile;
|
|
32
|
+
dirCreated = false;
|
|
33
|
+
flushing = false;
|
|
34
|
+
constructor(logDir) {
|
|
35
|
+
this.logDir = logDir ?? path.join(os.homedir(), '.git-doc-mcp', 'logs');
|
|
36
|
+
this.logFile = path.join(this.logDir, 'audit.jsonl');
|
|
37
|
+
this.flushTimer = setInterval(() => {
|
|
38
|
+
this.flush().catch(() => { });
|
|
39
|
+
}, FLUSH_INTERVAL_MS);
|
|
40
|
+
// Unref the timer so it doesn't prevent Node from exiting
|
|
41
|
+
if (this.flushTimer && typeof this.flushTimer.unref === 'function') {
|
|
42
|
+
this.flushTimer.unref();
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
log(event) {
|
|
46
|
+
this.buffer.push(JSON.stringify(event));
|
|
47
|
+
if (this.buffer.length >= FLUSH_BUFFER_SIZE) {
|
|
48
|
+
this.flush().catch(() => { });
|
|
49
|
+
}
|
|
50
|
+
}
|
|
51
|
+
logFetch(url, status, duration, manifestName) {
|
|
52
|
+
this.log({
|
|
53
|
+
timestamp: new Date().toISOString(),
|
|
54
|
+
event: 'fetch',
|
|
55
|
+
url,
|
|
56
|
+
status: status?.toString(),
|
|
57
|
+
duration_ms: duration,
|
|
58
|
+
manifestName,
|
|
59
|
+
});
|
|
60
|
+
}
|
|
61
|
+
logRedirect(from, to, manifestName) {
|
|
62
|
+
this.log({
|
|
63
|
+
timestamp: new Date().toISOString(),
|
|
64
|
+
event: 'redirect',
|
|
65
|
+
url: to,
|
|
66
|
+
details: { from },
|
|
67
|
+
manifestName,
|
|
68
|
+
});
|
|
69
|
+
}
|
|
70
|
+
logSecretAccess(secretName, url, allowed, manifestName) {
|
|
71
|
+
this.log({
|
|
72
|
+
timestamp: new Date().toISOString(),
|
|
73
|
+
event: 'secret-access',
|
|
74
|
+
secretName,
|
|
75
|
+
url,
|
|
76
|
+
status: allowed ? 'allowed' : 'denied',
|
|
77
|
+
manifestName,
|
|
78
|
+
});
|
|
79
|
+
}
|
|
80
|
+
logActionStart(actionName, manifestName) {
|
|
81
|
+
this.log({
|
|
82
|
+
timestamp: new Date().toISOString(),
|
|
83
|
+
event: 'action-start',
|
|
84
|
+
actionName,
|
|
85
|
+
manifestName,
|
|
86
|
+
});
|
|
87
|
+
}
|
|
88
|
+
logActionEnd(actionName, status, duration_ms, manifestName) {
|
|
89
|
+
this.log({
|
|
90
|
+
timestamp: new Date().toISOString(),
|
|
91
|
+
event: 'action-end',
|
|
92
|
+
actionName,
|
|
93
|
+
status,
|
|
94
|
+
duration_ms,
|
|
95
|
+
manifestName,
|
|
96
|
+
});
|
|
97
|
+
}
|
|
98
|
+
logActionLog(level, message, manifestName) {
|
|
99
|
+
this.log({
|
|
100
|
+
timestamp: new Date().toISOString(),
|
|
101
|
+
event: 'action-log',
|
|
102
|
+
status: level,
|
|
103
|
+
details: { message },
|
|
104
|
+
manifestName,
|
|
105
|
+
});
|
|
106
|
+
}
|
|
107
|
+
logError(message, details, manifestName) {
|
|
108
|
+
this.log({
|
|
109
|
+
timestamp: new Date().toISOString(),
|
|
110
|
+
event: 'error',
|
|
111
|
+
details: { message, ...details },
|
|
112
|
+
manifestName,
|
|
113
|
+
});
|
|
114
|
+
}
|
|
115
|
+
async close() {
|
|
116
|
+
if (this.flushTimer) {
|
|
117
|
+
clearInterval(this.flushTimer);
|
|
118
|
+
this.flushTimer = null;
|
|
119
|
+
}
|
|
120
|
+
await this.flush();
|
|
121
|
+
}
|
|
122
|
+
async flush() {
|
|
123
|
+
if (this.buffer.length === 0 || this.flushing)
|
|
124
|
+
return;
|
|
125
|
+
this.flushing = true;
|
|
126
|
+
const lines = this.buffer.splice(0);
|
|
127
|
+
try {
|
|
128
|
+
if (!this.dirCreated) {
|
|
129
|
+
await fs.mkdir(this.logDir, { recursive: true });
|
|
130
|
+
this.dirCreated = true;
|
|
131
|
+
}
|
|
132
|
+
// Check for rotation before writing
|
|
133
|
+
await this.rotate();
|
|
134
|
+
// Append all buffered lines
|
|
135
|
+
const data = lines.join('\n') + '\n';
|
|
136
|
+
await fs.appendFile(this.logFile, data, 'utf-8');
|
|
137
|
+
}
|
|
138
|
+
catch {
|
|
139
|
+
// Audit failures never crash the process
|
|
140
|
+
}
|
|
141
|
+
finally {
|
|
142
|
+
this.flushing = false;
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
async rotate() {
|
|
146
|
+
try {
|
|
147
|
+
const stat = await fs.stat(this.logFile);
|
|
148
|
+
if (stat.size >= MAX_LOG_SIZE) {
|
|
149
|
+
const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
|
|
150
|
+
const rotatedFile = path.join(this.logDir, `audit-${timestamp}.jsonl`);
|
|
151
|
+
await fs.rename(this.logFile, rotatedFile);
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
catch {
|
|
155
|
+
// File doesn't exist yet or can't stat — no rotation needed
|
|
156
|
+
}
|
|
157
|
+
}
|
|
158
|
+
}
|
|
159
|
+
/**
|
|
160
|
+
* No-op audit logger for testing or when audit logging is disabled.
|
|
161
|
+
*/
|
|
162
|
+
export class NoopAuditLogger {
|
|
163
|
+
log() { }
|
|
164
|
+
logFetch() { }
|
|
165
|
+
logRedirect() { }
|
|
166
|
+
logSecretAccess() { }
|
|
167
|
+
logActionStart() { }
|
|
168
|
+
logActionEnd() { }
|
|
169
|
+
logActionLog() { }
|
|
170
|
+
logError() { }
|
|
171
|
+
async close() { }
|
|
172
|
+
}
|
|
173
|
+
/**
|
|
174
|
+
* Create an audit logger instance.
|
|
175
|
+
*/
|
|
176
|
+
export function createAuditLogger(logDir) {
|
|
177
|
+
return new FileAuditLogger(logDir);
|
|
178
|
+
}
|
|
179
|
+
//# sourceMappingURL=logger.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/audit/logger.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAgC9B;;GAEG;AACH,MAAM,YAAY,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,CAAC;AAEtC;;GAEG;AACH,MAAM,iBAAiB,GAAG,GAAG,CAAC;AAC9B,MAAM,iBAAiB,GAAG,EAAE,CAAC;AAE7B;;;GAGG;AACH,MAAM,OAAO,eAAe;IAClB,MAAM,GAAa,EAAE,CAAC;IACtB,UAAU,GAA0C,IAAI,CAAC;IACzD,MAAM,CAAS;IACf,OAAO,CAAS;IAChB,UAAU,GAAG,KAAK,CAAC;IACnB,QAAQ,GAAG,KAAK,CAAC;IAEzB,YAAY,MAAe;QACzB,IAAI,CAAC,MAAM,GAAG,MAAM,IAAI,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,MAAM,CAAC,CAAC;QACxE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QACrD,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE;YACjC,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC/B,CAAC,EAAE,iBAAiB,CAAC,CAAC;QACtB,0DAA0D;QAC1D,IAAI,IAAI,CAAC,UAAU,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YACnE,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAED,GAAG,CAAC,KAAiB;QACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;QACxC,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,iBAAiB,EAAE,CAAC;YAC5C,IAAI,CAAC,KAAK,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAC/B,CAAC;IACH,CAAC;IAED,QAAQ,CAAC,GAAW,EAAE,MAAe,EAAE,QAAiB,EAAE,YAAqB;QAC7E,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,OAAO;YACd,GAAG;YACH,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE;YAC1B,WAAW,EAAE,QAAQ;YACrB,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,WAAW,CAAC,IAAY,EAAE,EAAU,EAAE,YAAqB;QACzD,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,UAAU;YACjB,GAAG,EAAE,EAAE;YACP,OAAO,EAAE,EAAE,IAAI,EAAE;YACjB,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,eAAe,CAAC,UAAkB,EAAE,GAAW,EAAE,OAAgB,EAAE,YAAqB;QACtF,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,eAAe;YACtB,UAAU;YACV,GAAG;YACH,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,QAAQ;YACtC,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,cAAc,CAAC,UAAkB,EAAE,YAAqB;QACtD,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,cAAc;YACrB,UAAU;YACV,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,UAAkB,EAAE,MAAc,EAAE,WAAmB,EAAE,YAAqB;QACzF,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,YAAY;YACnB,UAAU;YACV,MAAM;YACN,WAAW;YACX,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,YAAY,CAAC,KAAa,EAAE,OAAe,EAAE,YAAqB;QAChE,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,YAAY;YACnB,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE,OAAO,EAAE;YACpB,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,QAAQ,CAAC,OAAe,EAAE,OAAiC,EAAE,YAAqB;QAChF,IAAI,CAAC,GAAG,CAAC;YACP,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACnC,KAAK,EAAE,OAAO;YACd,OAAO,EAAE,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE;YAChC,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,KAAK;QACT,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;QACD,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,KAAK;QACjB,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,IAAI,CAAC,QAAQ;YAAE,OAAO;QAEtD,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC;QACrB,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QAEpC,IAAI,CAAC;YACH,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;gBACrB,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACjD,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;YACzB,CAAC;YAED,oCAAoC;YACpC,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;YAEpB,4BAA4B;YAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;YACrC,MAAM,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QACxB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,MAAM;QAClB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YACzC,IAAI,IAAI,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;gBAC9B,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;gBACjE,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,SAAS,SAAS,QAAQ,CAAC,CAAC;gBACvE,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,4DAA4D;QAC9D,CAAC;IACH,CAAC;CACF;AAED;;GAEG;AACH,MAAM,OAAO,eAAe;IAC1B,GAAG,KAAU,CAAC;IACd,QAAQ,KAAU,CAAC;IACnB,WAAW,KAAU,CAAC;IACtB,eAAe,KAAU,CAAC;IAC1B,cAAc,KAAU,CAAC;IACzB,YAAY,KAAU,CAAC;IACvB,YAAY,KAAU,CAAC;IACvB,QAAQ,KAAU,CAAC;IACnB,KAAK,CAAC,KAAK,KAAmB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,MAAe;IAC/C,OAAO,IAAI,eAAe,CAAC,MAAM,CAAC,CAAC;AACrC,CAAC"}
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Serve command - starts MCP server from a manifest.
|
|
3
|
+
* @module commands/serve
|
|
4
|
+
*/
|
|
5
|
+
import { Manifest } from '../../index.js';
|
|
6
|
+
/**
|
|
7
|
+
* Serve command options.
|
|
8
|
+
*/
|
|
9
|
+
export interface ServeOptions {
|
|
10
|
+
manifest: string;
|
|
11
|
+
manifestHeader: string[];
|
|
12
|
+
manifestHash?: string;
|
|
13
|
+
actionCodeHeader: string[];
|
|
14
|
+
resourceHeader: string[];
|
|
15
|
+
secret: string[];
|
|
16
|
+
timeout: string;
|
|
17
|
+
memoryLimit: string;
|
|
18
|
+
allowHttp: boolean;
|
|
19
|
+
trustChanged: boolean;
|
|
20
|
+
rateLimit: string;
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Execute the serve command.
|
|
24
|
+
*/
|
|
25
|
+
export declare function serveCommand(options: ServeOptions): Promise<void>;
|
|
26
|
+
/**
|
|
27
|
+
* Parse header strings into object.
|
|
28
|
+
* Format: "Header-Name: Header-Value"
|
|
29
|
+
*/
|
|
30
|
+
export declare function parseHeaders(headers: string[]): Record<string, string>;
|
|
31
|
+
/**
|
|
32
|
+
* Parse secret strings into object.
|
|
33
|
+
* Format: "NAME=value"
|
|
34
|
+
*/
|
|
35
|
+
export declare function parseSecrets(secrets: string[]): Record<string, string>;
|
|
36
|
+
/**
|
|
37
|
+
* Get secret scopes from manifest.
|
|
38
|
+
*/
|
|
39
|
+
export declare function getSecretScopes(manifest: Manifest): Record<string, string[]>;
|
|
40
|
+
/**
|
|
41
|
+
* Create a safe path component from a string.
|
|
42
|
+
*/
|
|
43
|
+
export declare function hashPath(input: string): string;
|
|
44
|
+
//# sourceMappingURL=serve.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/serve.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH,OAAO,EAQL,QAAQ,EAIT,MAAM,gBAAgB,CAAC;AAExB;;GAEG;AACH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,gBAAgB,EAAE,MAAM,EAAE,CAAC;IAC3B,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,MAAM,EAAE,MAAM,EAAE,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,YAAY,EAAE,OAAO,CAAC;IACtB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CA2QvE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWtE;AAED;;;GAGG;AACH,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAWtE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAAC,CAO5E;AA6ED;;GAEG;AACH,wBAAgB,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE9C"}
|
|
@@ -0,0 +1,360 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Serve command - starts MCP server from a manifest.
|
|
3
|
+
* @module commands/serve
|
|
4
|
+
*/
|
|
5
|
+
import * as fs from 'node:fs/promises';
|
|
6
|
+
import * as path from 'node:path';
|
|
7
|
+
import * as os from 'node:os';
|
|
8
|
+
import * as crypto from 'node:crypto';
|
|
9
|
+
import { loadManifest, createMcpServer, startMcpServer, SecretsManager, fetchContent, verifyHash, WorkerManager, validateUrl, createAuditLogger, RateLimiter, } from '../../index.js';
|
|
10
|
+
/**
|
|
11
|
+
* Execute the serve command.
|
|
12
|
+
*/
|
|
13
|
+
export async function serveCommand(options) {
|
|
14
|
+
const { manifest: manifestPath, manifestHeader, manifestHash: pinnedHash, actionCodeHeader, resourceHeader: resourceHeaderRaw, secret: preApprovedSecrets, timeout, memoryLimit: memoryLimitStr, allowHttp, trustChanged, } = options;
|
|
15
|
+
const memoryLimitBytes = parseInt(memoryLimitStr, 10);
|
|
16
|
+
if (!Number.isFinite(memoryLimitBytes) || memoryLimitBytes < 8 * 1024 * 1024 || memoryLimitBytes > 1024 * 1024 * 1024) {
|
|
17
|
+
console.error(`Error: --memory-limit must be an integer between 8388608 (8MB) and 1073741824 (1GB). Got: ${memoryLimitStr}`);
|
|
18
|
+
process.exit(1);
|
|
19
|
+
}
|
|
20
|
+
if (memoryLimitBytes !== 128 * 1024 * 1024) {
|
|
21
|
+
console.error(`Using custom memory limit: ${memoryLimitBytes} bytes (${(memoryLimitBytes / 1024 / 1024).toFixed(0)}MB)`);
|
|
22
|
+
}
|
|
23
|
+
// Rate limiting
|
|
24
|
+
const rateLimitValue = parseInt(options.rateLimit, 10);
|
|
25
|
+
if (!Number.isFinite(rateLimitValue) || rateLimitValue < 0) {
|
|
26
|
+
console.error(`Error: --rate-limit must be a non-negative integer. Got: ${options.rateLimit}`);
|
|
27
|
+
process.exit(1);
|
|
28
|
+
}
|
|
29
|
+
const rateLimiter = rateLimitValue > 0 ? new RateLimiter(rateLimitValue, 60_000) : null;
|
|
30
|
+
if (rateLimiter) {
|
|
31
|
+
console.error(`Rate limiting enabled: ${rateLimitValue} calls/minute`);
|
|
32
|
+
}
|
|
33
|
+
// Create audit logger (single instance for the main process)
|
|
34
|
+
const auditLogger = createAuditLogger();
|
|
35
|
+
// Parse headers
|
|
36
|
+
const manifestHeaders = parseHeaders(manifestHeader);
|
|
37
|
+
const actionHeaders = parseHeaders(actionCodeHeader);
|
|
38
|
+
const resourceHeaders = parseHeaders(resourceHeaderRaw ?? []);
|
|
39
|
+
// Parse pre-approved secrets
|
|
40
|
+
const secrets = parseSecrets(preApprovedSecrets);
|
|
41
|
+
// Load manifest
|
|
42
|
+
console.error(`Loading manifest from: ${manifestPath}`);
|
|
43
|
+
const manifestResult = await loadManifest({
|
|
44
|
+
manifestPath,
|
|
45
|
+
headers: manifestHeaders,
|
|
46
|
+
auditLogger,
|
|
47
|
+
allowHttp,
|
|
48
|
+
});
|
|
49
|
+
// Verify manifest hash if pinned
|
|
50
|
+
if (pinnedHash) {
|
|
51
|
+
if (manifestResult.hash !== pinnedHash) {
|
|
52
|
+
auditLogger.logError('Manifest hash mismatch', { expected: pinnedHash, got: manifestResult.hash });
|
|
53
|
+
console.error(`Error: Manifest hash mismatch!`);
|
|
54
|
+
console.error(` Expected: ${pinnedHash}`);
|
|
55
|
+
console.error(` Got: ${manifestResult.hash}`);
|
|
56
|
+
process.exit(1);
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
else {
|
|
60
|
+
// TOFU: Check if manifest hash changed
|
|
61
|
+
await checkTofu(manifestPath, manifestResult.hash, trustChanged);
|
|
62
|
+
}
|
|
63
|
+
const { manifest } = manifestResult;
|
|
64
|
+
// Setup secrets manager
|
|
65
|
+
const secretsManager = new SecretsManager();
|
|
66
|
+
// Approve pre-approved secrets from --secret flags
|
|
67
|
+
for (const [name, value] of Object.entries(secrets)) {
|
|
68
|
+
const secretDef = manifest.secrets?.find((s) => s.name === name);
|
|
69
|
+
if (secretDef) {
|
|
70
|
+
secretsManager.approve(secretDef, value);
|
|
71
|
+
console.error(`Approved secret: ${name}`);
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
// Check environment variables for missing secrets (AC6)
|
|
75
|
+
// --secret flag takes precedence over env vars
|
|
76
|
+
for (const secret of manifest.secrets ?? []) {
|
|
77
|
+
if (!secretsManager.isApproved(secret.name)) {
|
|
78
|
+
const envName = 'GIT_MCP_SECRET_' + secret.name.toUpperCase().replace(/-/g, '_');
|
|
79
|
+
const envValue = process.env[envName];
|
|
80
|
+
if (envValue !== undefined) {
|
|
81
|
+
secretsManager.approve(secret, envValue);
|
|
82
|
+
console.error(`Approved secret from env: ${secret.name} (${envName})`);
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
}
|
|
86
|
+
// Prompt for missing required secrets
|
|
87
|
+
for (const secret of manifest.secrets ?? []) {
|
|
88
|
+
if (secret.required && !secretsManager.isApproved(secret.name)) {
|
|
89
|
+
console.error(`Error: Required secret "${secret.name}" not provided`);
|
|
90
|
+
process.exit(1);
|
|
91
|
+
}
|
|
92
|
+
}
|
|
93
|
+
// Create worker manager with audit logger
|
|
94
|
+
const workerManager = new WorkerManager({
|
|
95
|
+
timeout: parseInt(timeout, 10),
|
|
96
|
+
logger: console.error,
|
|
97
|
+
auditLogger,
|
|
98
|
+
});
|
|
99
|
+
// Action cache
|
|
100
|
+
const actionCache = new Map();
|
|
101
|
+
// Create MCP server
|
|
102
|
+
const server = createMcpServer({
|
|
103
|
+
manifest,
|
|
104
|
+
onToolCall: async (name, input) => {
|
|
105
|
+
// Rate limit check
|
|
106
|
+
if (rateLimiter && !rateLimiter.tryAcquire()) {
|
|
107
|
+
auditLogger.logError('Rate limit exceeded', { toolName: name, limit: rateLimitValue }, manifest.name);
|
|
108
|
+
return {
|
|
109
|
+
content: [{
|
|
110
|
+
type: 'text',
|
|
111
|
+
text: `Rate limit exceeded: ${rateLimitValue} calls per minute. Retry after a brief pause or increase with --rate-limit <n>.`,
|
|
112
|
+
}],
|
|
113
|
+
isError: true,
|
|
114
|
+
};
|
|
115
|
+
}
|
|
116
|
+
const tool = manifest.tools?.find((t) => t.name === name);
|
|
117
|
+
if (!tool) {
|
|
118
|
+
auditLogger.logError('Tool not found', { toolName: name }, manifest.name);
|
|
119
|
+
return {
|
|
120
|
+
content: [{ type: 'text', text: `Tool not found: ${name}` }],
|
|
121
|
+
isError: true,
|
|
122
|
+
};
|
|
123
|
+
}
|
|
124
|
+
try {
|
|
125
|
+
// Log action start
|
|
126
|
+
auditLogger.logActionStart(name, manifest.name);
|
|
127
|
+
const startTime = Date.now();
|
|
128
|
+
// Get or fetch action code
|
|
129
|
+
let actionCode = actionCache.get(tool.action);
|
|
130
|
+
if (!actionCode) {
|
|
131
|
+
console.error(`Fetching action: ${tool.action}`);
|
|
132
|
+
const result = await fetchContent(tool.action, {
|
|
133
|
+
headers: actionHeaders,
|
|
134
|
+
auditLogger,
|
|
135
|
+
allowHttp,
|
|
136
|
+
});
|
|
137
|
+
// Verify hash
|
|
138
|
+
verifyHash(result.content, tool.actionHash);
|
|
139
|
+
actionCode = result.content;
|
|
140
|
+
actionCache.set(tool.action, actionCode);
|
|
141
|
+
}
|
|
142
|
+
// Execute in worker
|
|
143
|
+
const response = await workerManager.executeAction({
|
|
144
|
+
id: crypto.randomUUID(),
|
|
145
|
+
type: 'execute',
|
|
146
|
+
payload: {
|
|
147
|
+
actionUrl: tool.action,
|
|
148
|
+
actionCode,
|
|
149
|
+
input,
|
|
150
|
+
secrets: secretsManager.getAllSecrets(),
|
|
151
|
+
timeout: parseInt(timeout, 10),
|
|
152
|
+
manifest: {
|
|
153
|
+
name: manifest.name,
|
|
154
|
+
version: manifest.version,
|
|
155
|
+
},
|
|
156
|
+
secretScopes: getSecretScopes(manifest),
|
|
157
|
+
memoryLimit: memoryLimitBytes,
|
|
158
|
+
},
|
|
159
|
+
});
|
|
160
|
+
if (response.type === 'error') {
|
|
161
|
+
auditLogger.logActionEnd(name, 'error', Date.now() - startTime, manifest.name);
|
|
162
|
+
auditLogger.logError('Worker execution failed', { toolName: name, error: response.error?.message }, manifest.name);
|
|
163
|
+
return {
|
|
164
|
+
content: [{ type: 'text', text: response.error?.message ?? 'Unknown error' }],
|
|
165
|
+
isError: true,
|
|
166
|
+
};
|
|
167
|
+
}
|
|
168
|
+
auditLogger.logActionEnd(name, 'success', Date.now() - startTime, manifest.name);
|
|
169
|
+
return response.result;
|
|
170
|
+
}
|
|
171
|
+
catch (error) {
|
|
172
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
173
|
+
auditLogger.logError('Action execution failed', { toolName: name, error: message }, manifest.name);
|
|
174
|
+
return {
|
|
175
|
+
content: [{ type: 'text', text: `Error: ${message}` }],
|
|
176
|
+
isError: true,
|
|
177
|
+
};
|
|
178
|
+
}
|
|
179
|
+
},
|
|
180
|
+
onResourceRead: manifest.resources ? async (uri) => {
|
|
181
|
+
const resource = manifest.resources?.find((r) => r.uri === uri);
|
|
182
|
+
if (!resource) {
|
|
183
|
+
throw new Error(`Resource not found: ${uri}`);
|
|
184
|
+
}
|
|
185
|
+
try {
|
|
186
|
+
// Validate resource URI against SSRF (AC19)
|
|
187
|
+
const resourceSchemes = allowHttp ? ['https', 'http'] : ['https'];
|
|
188
|
+
await validateUrl(resource.uri, { allowedSchemes: resourceSchemes });
|
|
189
|
+
const response = await fetchContent(resource.uri, {
|
|
190
|
+
headers: resourceHeaders,
|
|
191
|
+
auditLogger,
|
|
192
|
+
allowHttp,
|
|
193
|
+
});
|
|
194
|
+
return response.content;
|
|
195
|
+
}
|
|
196
|
+
catch (error) {
|
|
197
|
+
const message = error instanceof Error ? error.message : String(error);
|
|
198
|
+
throw new Error(`Failed to read resource: ${message}`);
|
|
199
|
+
}
|
|
200
|
+
} : undefined,
|
|
201
|
+
onPromptGet: manifest.prompts ? async (name, args) => {
|
|
202
|
+
const prompt = manifest.prompts?.find((p) => p.name === name);
|
|
203
|
+
if (!prompt) {
|
|
204
|
+
throw new Error(`Prompt not found: ${name}`);
|
|
205
|
+
}
|
|
206
|
+
// Structured messages: substitute {{arg}} placeholders and return
|
|
207
|
+
if (prompt.messages) {
|
|
208
|
+
return {
|
|
209
|
+
description: prompt.description,
|
|
210
|
+
messages: prompt.messages.map((msg) => ({
|
|
211
|
+
role: msg.role,
|
|
212
|
+
content: substituteContent(msg.content, args ?? {}),
|
|
213
|
+
})),
|
|
214
|
+
};
|
|
215
|
+
}
|
|
216
|
+
// Simple fallback: build single user message from description + args
|
|
217
|
+
let text = prompt.description;
|
|
218
|
+
if (prompt.args && args) {
|
|
219
|
+
text += '\n\nArguments:\n';
|
|
220
|
+
for (const arg of prompt.args) {
|
|
221
|
+
const value = args[arg.name];
|
|
222
|
+
if (value !== undefined) {
|
|
223
|
+
text += `- ${arg.name}: ${value}\n`;
|
|
224
|
+
}
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
return {
|
|
228
|
+
description: prompt.description,
|
|
229
|
+
messages: [{ role: 'user', content: { type: 'text', text } }],
|
|
230
|
+
};
|
|
231
|
+
} : undefined,
|
|
232
|
+
});
|
|
233
|
+
// Cleanup on exit
|
|
234
|
+
const cleanup = async () => {
|
|
235
|
+
await auditLogger.close();
|
|
236
|
+
};
|
|
237
|
+
process.on('beforeExit', cleanup);
|
|
238
|
+
// Start server
|
|
239
|
+
console.error(`Starting MCP server: ${manifest.name} v${manifest.version}`);
|
|
240
|
+
await startMcpServer(server);
|
|
241
|
+
}
|
|
242
|
+
/**
|
|
243
|
+
* Parse header strings into object.
|
|
244
|
+
* Format: "Header-Name: Header-Value"
|
|
245
|
+
*/
|
|
246
|
+
export function parseHeaders(headers) {
|
|
247
|
+
const result = {};
|
|
248
|
+
for (const header of headers) {
|
|
249
|
+
const colonIndex = header.indexOf(':');
|
|
250
|
+
if (colonIndex > 0) {
|
|
251
|
+
const name = header.slice(0, colonIndex).trim();
|
|
252
|
+
const value = header.slice(colonIndex + 1).trim();
|
|
253
|
+
result[name] = value;
|
|
254
|
+
}
|
|
255
|
+
}
|
|
256
|
+
return result;
|
|
257
|
+
}
|
|
258
|
+
/**
|
|
259
|
+
* Parse secret strings into object.
|
|
260
|
+
* Format: "NAME=value"
|
|
261
|
+
*/
|
|
262
|
+
export function parseSecrets(secrets) {
|
|
263
|
+
const result = {};
|
|
264
|
+
for (const secret of secrets) {
|
|
265
|
+
const equalIndex = secret.indexOf('=');
|
|
266
|
+
if (equalIndex > 0) {
|
|
267
|
+
const name = secret.slice(0, equalIndex).trim();
|
|
268
|
+
const value = secret.slice(equalIndex + 1);
|
|
269
|
+
result[name] = value;
|
|
270
|
+
}
|
|
271
|
+
}
|
|
272
|
+
return result;
|
|
273
|
+
}
|
|
274
|
+
/**
|
|
275
|
+
* Get secret scopes from manifest.
|
|
276
|
+
*/
|
|
277
|
+
export function getSecretScopes(manifest) {
|
|
278
|
+
const result = {};
|
|
279
|
+
for (const secret of manifest.secrets ?? []) {
|
|
280
|
+
const scopes = Array.isArray(secret.scope) ? secret.scope : [secret.scope];
|
|
281
|
+
result[secret.name] = scopes;
|
|
282
|
+
}
|
|
283
|
+
return result;
|
|
284
|
+
}
|
|
285
|
+
/**
|
|
286
|
+
* Substitute {{argName}} placeholders in a template string.
|
|
287
|
+
*/
|
|
288
|
+
function substituteTemplate(template, args) {
|
|
289
|
+
return template.replace(/\{\{(\w+)\}\}/g, (_match, name) => args[name] ?? `{{${name}}}`);
|
|
290
|
+
}
|
|
291
|
+
/**
|
|
292
|
+
* Substitute {{argName}} placeholders in prompt content.
|
|
293
|
+
* Ensures resource.text is always present (required by MCP TextResourceContents).
|
|
294
|
+
*/
|
|
295
|
+
function substituteContent(content, args) {
|
|
296
|
+
if (content.type === 'text') {
|
|
297
|
+
return { type: 'text', text: substituteTemplate(content.text, args) };
|
|
298
|
+
}
|
|
299
|
+
const resource = {
|
|
300
|
+
uri: substituteTemplate(content.resource.uri, args),
|
|
301
|
+
text: substituteTemplate(content.resource.text ?? '', args),
|
|
302
|
+
};
|
|
303
|
+
if (content.resource.mimeType) {
|
|
304
|
+
resource.mimeType = content.resource.mimeType;
|
|
305
|
+
}
|
|
306
|
+
return { type: 'resource', resource };
|
|
307
|
+
}
|
|
308
|
+
/**
|
|
309
|
+
* Check TOFU (Trust-on-First-Use) for manifest hash.
|
|
310
|
+
*/
|
|
311
|
+
async function checkTofu(manifestPath, currentHash, trustChanged = false) {
|
|
312
|
+
const trustDir = path.join(os.homedir(), '.git-doc-mcp', 'trust');
|
|
313
|
+
const trustFile = path.join(trustDir, hashPath(manifestPath), 'manifest.trust');
|
|
314
|
+
try {
|
|
315
|
+
const storedHash = await fs.readFile(trustFile, 'utf-8');
|
|
316
|
+
if (storedHash !== currentHash) {
|
|
317
|
+
console.error(``);
|
|
318
|
+
console.error(`Warning: Manifest content has changed since last use!`);
|
|
319
|
+
console.error(` Previous: ${storedHash}`);
|
|
320
|
+
console.error(` Current: ${currentHash}`);
|
|
321
|
+
console.error(``);
|
|
322
|
+
console.error(`This could indicate:`);
|
|
323
|
+
console.error(` - Legitimate update from the manifest author`);
|
|
324
|
+
console.error(` - Manifest compromise`);
|
|
325
|
+
console.error(``);
|
|
326
|
+
if (trustChanged) {
|
|
327
|
+
await fs.writeFile(trustFile, currentHash, 'utf-8');
|
|
328
|
+
console.error(`Manifest change accepted. Updated stored hash.`);
|
|
329
|
+
}
|
|
330
|
+
else {
|
|
331
|
+
console.error(`Current hash: ${currentHash}`);
|
|
332
|
+
console.error(`To accept this change, re-run with: --trust-changed`);
|
|
333
|
+
console.error(`For CI pinning, use: --manifest-hash ${currentHash}`);
|
|
334
|
+
process.exit(1);
|
|
335
|
+
}
|
|
336
|
+
}
|
|
337
|
+
}
|
|
338
|
+
catch (error) {
|
|
339
|
+
const code = error.code;
|
|
340
|
+
if (code === 'ENOENT') {
|
|
341
|
+
// First use - trust file doesn't exist yet
|
|
342
|
+
await fs.mkdir(path.dirname(trustFile), { recursive: true });
|
|
343
|
+
await fs.writeFile(trustFile, currentHash, 'utf-8');
|
|
344
|
+
console.error(`First use of manifest. Stored hash: ${currentHash}`);
|
|
345
|
+
console.error(`For CI pinning, use: --manifest-hash ${currentHash}`);
|
|
346
|
+
}
|
|
347
|
+
else {
|
|
348
|
+
// Unexpected error reading trust file - fail closed
|
|
349
|
+
console.error(`Error reading trust file: ${error.message}`);
|
|
350
|
+
process.exit(1);
|
|
351
|
+
}
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
/**
|
|
355
|
+
* Create a safe path component from a string.
|
|
356
|
+
*/
|
|
357
|
+
export function hashPath(input) {
|
|
358
|
+
return crypto.createHash('sha256').update(input).digest('hex').slice(0, 16);
|
|
359
|
+
}
|
|
360
|
+
//# sourceMappingURL=serve.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../../src/cli/commands/serve.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EACL,YAAY,EACZ,eAAe,EACf,cAAc,EACd,cAAc,EACd,YAAY,EACZ,UAAU,EACV,aAAa,EAEb,WAAW,EACX,iBAAiB,EACjB,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAmBxB;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAAqB;IACtD,MAAM,EACJ,QAAQ,EAAE,YAAY,EACtB,cAAc,EACd,YAAY,EAAE,UAAU,EACxB,gBAAgB,EAChB,cAAc,EAAE,iBAAiB,EACjC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,EACP,WAAW,EAAE,cAAc,EAC3B,SAAS,EACT,YAAY,GACb,GAAG,OAAO,CAAC;IAEZ,MAAM,gBAAgB,GAAG,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACtD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,gBAAgB,CAAC,IAAI,gBAAgB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,IAAI,gBAAgB,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QACtH,OAAO,CAAC,KAAK,CAAC,6FAA6F,cAAc,EAAE,CAAC,CAAC;QAC7H,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,IAAI,gBAAgB,KAAK,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;QAC3C,OAAO,CAAC,KAAK,CAAC,8BAA8B,gBAAgB,WAAW,CAAC,gBAAgB,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IAC3H,CAAC;IAED,gBAAgB;IAChB,MAAM,cAAc,GAAG,QAAQ,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,IAAI,cAAc,GAAG,CAAC,EAAE,CAAC;QAC3D,OAAO,CAAC,KAAK,CAAC,4DAA4D,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAC/F,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,WAAW,GAAG,cAAc,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACxF,IAAI,WAAW,EAAE,CAAC;QAChB,OAAO,CAAC,KAAK,CAAC,0BAA0B,cAAc,eAAe,CAAC,CAAC;IACzE,CAAC;IAED,6DAA6D;IAC7D,MAAM,WAAW,GAAG,iBAAiB,EAAE,CAAC;IAExC,gBAAgB;IAChB,MAAM,eAAe,GAAG,YAAY,CAAC,cAAc,CAAC,CAAC;IACrD,MAAM,aAAa,GAAG,YAAY,CAAC,gBAAgB,CAAC,CAAC;IACrD,MAAM,eAAe,GAAG,YAAY,CAAC,iBAAiB,IAAI,EAAE,CAAC,CAAC;IAE9D,6BAA6B;IAC7B,MAAM,OAAO,GAAG,YAAY,CAAC,kBAAkB,CAAC,CAAC;IAEjD,gBAAgB;IAChB,OAAO,CAAC,KAAK,CAAC,0BAA0B,YAAY,EAAE,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,MAAM,YAAY,CAAC;QACxC,YAAY;QACZ,OAAO,EAAE,eAAe;QACxB,WAAW;QACX,SAAS;KACV,CAAC,CAAC;IAEH,iCAAiC;IACjC,IAAI,UAAU,EAAE,CAAC;QACf,IAAI,cAAc,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YACvC,WAAW,CAAC,QAAQ,CAAC,wBAAwB,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;YACnG,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAChD,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,UAAU,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;YAC/C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,uCAAuC;QACvC,MAAM,SAAS,CAAC,YAAY,EAAE,cAAc,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,EAAE,QAAQ,EAAE,GAAG,cAAc,CAAC;IAEpC,wBAAwB;IACxB,MAAM,cAAc,GAAG,IAAI,cAAc,EAAE,CAAC;IAE5C,mDAAmD;IACnD,KAAK,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACpD,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QACjE,IAAI,SAAS,EAAE,CAAC;YACd,cAAc,CAAC,OAAO,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YACzC,OAAO,CAAC,KAAK,CAAC,oBAAoB,IAAI,EAAE,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAED,wDAAwD;IACxD,+CAA+C;IAC/C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QAC5C,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC5C,MAAM,OAAO,GAAG,iBAAiB,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YACjF,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YACtC,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;gBAC3B,cAAc,CAAC,OAAO,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;gBACzC,OAAO,CAAC,KAAK,CAAC,6BAA6B,MAAM,CAAC,IAAI,KAAK,OAAO,GAAG,CAAC,CAAC;YACzE,CAAC;QACH,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QAC5C,IAAI,MAAM,CAAC,QAAQ,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YAC/D,OAAO,CAAC,KAAK,CAAC,2BAA2B,MAAM,CAAC,IAAI,gBAAgB,CAAC,CAAC;YACtE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC;QACtC,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;QAC9B,MAAM,EAAE,OAAO,CAAC,KAAK;QACrB,WAAW;KACZ,CAAC,CAAC;IAEH,eAAe;IACf,MAAM,WAAW,GAAG,IAAI,GAAG,EAAkB,CAAC;IAE9C,oBAAoB;IACpB,MAAM,MAAM,GAAG,eAAe,CAAC;QAC7B,QAAQ;QACR,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EAAE;YAChC,mBAAmB;YACnB,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,CAAC;gBAC7C,WAAW,CAAC,QAAQ,CAAC,qBAAqB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACtG,OAAO;oBACL,OAAO,EAAE,CAAC;4BACR,IAAI,EAAE,MAAM;4BACZ,IAAI,EAAE,wBAAwB,cAAc,iFAAiF;yBAC9H,CAAC;oBACF,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,MAAM,IAAI,GAAG,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,WAAW,CAAC,QAAQ,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAC1E,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,mBAAmB,IAAI,EAAE,EAAE,CAAC;oBAC5D,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,IAAI,CAAC;gBACH,mBAAmB;gBACnB,WAAW,CAAC,cAAc,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBAChD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBAE7B,2BAA2B;gBAC3B,IAAI,UAAU,GAAG,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;gBAC9C,IAAI,CAAC,UAAU,EAAE,CAAC;oBAChB,OAAO,CAAC,KAAK,CAAC,oBAAoB,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;oBACjD,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE;wBAC7C,OAAO,EAAE,aAAa;wBACtB,WAAW;wBACX,SAAS;qBACV,CAAC,CAAC;oBAEH,cAAc;oBACd,UAAU,CAAC,MAAM,CAAC,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;oBAE5C,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC;oBAC5B,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;gBAC3C,CAAC;gBAED,oBAAoB;gBACpB,MAAM,QAAQ,GAAG,MAAM,aAAa,CAAC,aAAa,CAAC;oBACjD,EAAE,EAAE,MAAM,CAAC,UAAU,EAAE;oBACvB,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE;wBACP,SAAS,EAAE,IAAI,CAAC,MAAM;wBACtB,UAAU;wBACV,KAAK;wBACL,OAAO,EAAE,cAAc,CAAC,aAAa,EAAE;wBACvC,OAAO,EAAE,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC;wBAC9B,QAAQ,EAAE;4BACR,IAAI,EAAE,QAAQ,CAAC,IAAI;4BACnB,OAAO,EAAE,QAAQ,CAAC,OAAO;yBAC1B;wBACD,YAAY,EAAE,eAAe,CAAC,QAAQ,CAAC;wBACvC,WAAW,EAAE,gBAAgB;qBAC9B;iBACF,CAAC,CAAC;gBAEH,IAAI,QAAQ,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;oBAC9B,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;oBAC/E,WAAW,CAAC,QAAQ,CAAC,yBAAyB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;oBACnH,OAAO;wBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,CAAC,KAAK,EAAE,OAAO,IAAI,eAAe,EAAE,CAAC;wBAC7E,OAAO,EAAE,IAAI;qBACd,CAAC;gBACJ,CAAC;gBAED,WAAW,CAAC,YAAY,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACjF,OAAO,QAAQ,CAAC,MAAM,CAAC;YACzB,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvE,WAAW,CAAC,QAAQ,CAAC,yBAAyB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACnG,OAAO;oBACL,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,UAAU,OAAO,EAAE,EAAE,CAAC;oBACtD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;QACH,CAAC;QACD,cAAc,EAAE,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,EAAE,GAAG,EAAE,EAAE;YACjD,MAAM,QAAQ,GAAG,QAAQ,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,CAAC;YAChE,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACd,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,EAAE,CAAC,CAAC;YAChD,CAAC;YAED,IAAI,CAAC;gBACH,4CAA4C;gBAC5C,MAAM,eAAe,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAClE,MAAM,WAAW,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,eAAe,EAAE,CAAC,CAAC;gBAErE,MAAM,QAAQ,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,GAAG,EAAE;oBAChD,OAAO,EAAE,eAAe;oBACxB,WAAW;oBACX,SAAS;iBACV,CAAC,CAAC;gBAEH,OAAO,QAAQ,CAAC,OAAO,CAAC;YAC1B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvE,MAAM,IAAI,KAAK,CAAC,4BAA4B,OAAO,EAAE,CAAC,CAAC;YACzD,CAAC;QACH,CAAC,CAAC,CAAC,CAAC,SAAS;QACb,WAAW,EAAE,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE;YACnD,MAAM,MAAM,GAAG,QAAQ,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;YAC9D,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,qBAAqB,IAAI,EAAE,CAAC,CAAC;YAC/C,CAAC;YAED,kEAAkE;YAClE,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBACpB,OAAO;oBACL,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,QAAQ,EAAE,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;wBACtC,IAAI,EAAE,GAAG,CAAC,IAAI;wBACd,OAAO,EAAE,iBAAiB,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,IAAI,EAAE,CAAC;qBACpD,CAAC,CAAC;iBACJ,CAAC;YACJ,CAAC;YAED,qEAAqE;YACrE,IAAI,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC;YAC9B,IAAI,MAAM,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC;gBACxB,IAAI,IAAI,kBAAkB,CAAC;gBAC3B,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;oBAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;oBAC7B,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;wBACxB,IAAI,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,KAAK,IAAI,CAAC;oBACtC,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,MAAM,CAAC,WAAW;gBAC/B,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAe,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,MAAe,EAAE,IAAI,EAAE,EAAE,CAAC;aAChF,CAAC;QACJ,CAAC,CAAC,CAAC,CAAC,SAAS;KACd,CAAC,CAAC;IAEH,kBAAkB;IAClB,MAAM,OAAO,GAAG,KAAK,IAAI,EAAE;QACzB,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;IAC5B,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IAElC,eAAe;IACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,OAAO,EAAE,CAAC,CAAC;IAC5E,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAiB;IAC5C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY,CAAC,OAAiB;IAC5C,MAAM,MAAM,GAA2B,EAAE,CAAC;IAC1C,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,UAAU,GAAG,CAAC,EAAE,CAAC;YACnB,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC;YAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;QACvB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,QAAkB;IAChD,MAAM,MAAM,GAA6B,EAAE,CAAC;IAC5C,KAAK,MAAM,MAAM,IAAI,QAAQ,CAAC,OAAO,IAAI,EAAE,EAAE,CAAC;QAC5C,MAAM,MAAM,GAAG,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC3E,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC;IAC/B,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB,CAAC,QAAgB,EAAE,IAA4B;IACxE,OAAO,QAAQ,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC;AAC3F,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CACxB,OAA2H,EAC3H,IAA4B;IAE5B,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;QAC5B,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,kBAAkB,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EAAE,CAAC;IACxE,CAAC;IACD,MAAM,QAAQ,GAAqD;QACjE,GAAG,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,EAAE,IAAI,CAAC;QACnD,IAAI,EAAE,kBAAkB,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,IAAI,EAAE,EAAE,IAAI,CAAC;KAC5D,CAAC;IACF,IAAI,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QAC9B,QAAQ,CAAC,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;IAChD,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,QAAQ,EAAE,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,SAAS,CAAC,YAAoB,EAAE,WAAmB,EAAE,YAAY,GAAG,KAAK;IACtF,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;IAClE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,YAAY,CAAC,EAAE,gBAAgB,CAAC,CAAC;IAEhF,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QAEzD,IAAI,UAAU,KAAK,WAAW,EAAE,CAAC;YAC/B,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YACvE,OAAO,CAAC,KAAK,CAAC,eAAe,UAAU,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,KAAK,CAAC,eAAe,WAAW,EAAE,CAAC,CAAC;YAC5C,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAClB,OAAO,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC;YACtC,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAChE,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;YACzC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAElB,IAAI,YAAY,EAAE,CAAC;gBACjB,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;gBACpD,OAAO,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;YAClE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,KAAK,CAAC,iBAAiB,WAAW,EAAE,CAAC,CAAC;gBAC9C,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;gBACrE,OAAO,CAAC,KAAK,CAAC,wCAAwC,WAAW,EAAE,CAAC,CAAC;gBACrE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAc,EAAE,CAAC;QACxB,MAAM,IAAI,GAAI,KAA+B,CAAC,IAAI,CAAC;QACnD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,2CAA2C;YAC3C,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7D,MAAM,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;YACpD,OAAO,CAAC,KAAK,CAAC,uCAAuC,WAAW,EAAE,CAAC,CAAC;YACpE,OAAO,CAAC,KAAK,CAAC,wCAAwC,WAAW,EAAE,CAAC,CAAC;QACvE,CAAC;aAAM,CAAC;YACN,oDAAoD;YACpD,OAAO,CAAC,KAAK,CAAC,6BAA8B,KAAe,CAAC,OAAO,EAAE,CAAC,CAAC;YACvE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,QAAQ,CAAC,KAAa;IACpC,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AAC9E,CAAC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
/**
|
|
3
|
+
* git-doc-mcp CLI entry point.
|
|
4
|
+
*
|
|
5
|
+
* Usage:
|
|
6
|
+
* npx git-doc-mcp --manifest <url-or-path> [options]
|
|
7
|
+
* npx git-doc-mcp serve --manifest <url-or-path> [options]
|
|
8
|
+
*
|
|
9
|
+
* Options:
|
|
10
|
+
* --manifest <path> URL or local path to manifest.yml
|
|
11
|
+
* --manifest-header <header> Header for fetching manifest (can be repeated)
|
|
12
|
+
* --manifest-hash <hash> Expected manifest hash (for pinning)
|
|
13
|
+
* --action-code-header <h> Header for downloading action scripts
|
|
14
|
+
* --secret <name=value> Pre-approved secret (can be repeated)
|
|
15
|
+
* --help Show help
|
|
16
|
+
* --version Show version
|
|
17
|
+
*/
|
|
18
|
+
import { Command } from 'commander';
|
|
19
|
+
declare const program: Command;
|
|
20
|
+
export { program };
|
|
21
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/cli/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC,QAAA,MAAM,OAAO,SAAgB,CAAC;AAwD9B,OAAO,EAAE,OAAO,EAAE,CAAC"}
|